mirror of
https://github.com/github/codeql.git
synced 2026-05-05 13:45:19 +02:00
Use synthetic fields to improve taint precision
This commit is contained in:
Tony Torralba
@@ -13,14 +13,6 @@ import android.os.Bundle;
|
||||
// Test case generated by GenerateFlowTestCase.ql
|
||||
public class Test {
|
||||
|
||||
Notification.Action.Builder newActionBuilderWithExtras(Bundle element) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Notification.Builder newBuilderWithExtras(Bundle element) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Object getMapKeyDefault(Bundle container) {
|
||||
return null;
|
||||
}
|
||||
@@ -50,21 +42,24 @@ public class Test {
|
||||
public void test() throws Exception {
|
||||
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint"
|
||||
// "android.app;Notification$Action$Builder;true;Builder;(Action);;SyntheticField[android.app.Notification.action]
|
||||
// of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint"
|
||||
Notification.Action.Builder out = null;
|
||||
Notification.Action in = (Notification.Action) source();
|
||||
out = new Notification.Action.Builder(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
|
||||
// "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];taint"
|
||||
Notification.Action.Builder out = null;
|
||||
PendingIntent in = (PendingIntent) source();
|
||||
out = new Notification.Action.Builder((Icon) null, (CharSequence) null, in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
|
||||
// "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];taint"
|
||||
Notification.Action.Builder out = null;
|
||||
PendingIntent in = (PendingIntent) source();
|
||||
out = new Notification.Action.Builder(0, (CharSequence) null, in);
|
||||
@@ -79,17 +74,17 @@ public class Test {
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;addExtras;;;MapKey of
|
||||
// Argument[0];MapKey of SyntheticField[android.app.Notification$Action$Builder.extras]
|
||||
// of Argument[-1];value"
|
||||
// Argument[0];MapKey of SyntheticField[android.content.Intent.extras] of
|
||||
// Argument[-1];value"
|
||||
Notification.Action.Builder out = null;
|
||||
Bundle in = newWithMapKeyDefault(source());
|
||||
Bundle in = (Bundle) newWithMapKeyDefault(source());
|
||||
out.addExtras(in);
|
||||
sink(getMapKeyDefault(out.getExtras())); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;addExtras;;;MapValue of
|
||||
// Argument[0];MapValue of
|
||||
// SyntheticField[android.app.Notification$Action$Builder.extras] of Argument[-1];value"
|
||||
// Argument[0];MapValue of SyntheticField[android.content.Intent.extras]
|
||||
// of Argument[-1];value"
|
||||
Notification.Action.Builder out = null;
|
||||
Bundle in = (Bundle) newWithMapValueDefault(source());
|
||||
out.addExtras(in);
|
||||
@@ -103,7 +98,8 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint"
|
||||
// "android.app;Notification$Action$Builder;true;build;;;SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];SyntheticField[android.app.Notification.action] of ReturnValue;taint"
|
||||
Notification.Action out = null;
|
||||
Notification.Action.Builder in = (Notification.Action.Builder) source();
|
||||
out = in.build();
|
||||
@@ -117,12 +113,12 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;getExtras;;;SyntheticField[android.app.Notification$Action$Builder.extras]
|
||||
// "android.app;Notification$Action$Builder;true;getExtras;;;SyntheticField[android.content.Intent.extras]
|
||||
// of Argument[-1];ReturnValue;value"
|
||||
Bundle out = null;
|
||||
Notification.Action.Builder in = newActionBuilderWithExtras((Bundle) source());
|
||||
Notification.Action.Builder in = (Notification.Action.Builder) source();
|
||||
out = in.getExtras();
|
||||
sink(out); // $ hasValueFlow
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action$Builder;true;setAllowGeneratedReplies;;;Argument[-1];ReturnValue;value"
|
||||
@@ -153,21 +149,24 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
|
||||
// "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];taint"
|
||||
Notification.Action out = null;
|
||||
PendingIntent in = (PendingIntent) source();
|
||||
out = new Action(0, null, in);
|
||||
out = new Notification.Action(0, null, in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint"
|
||||
// "android.app;Notification$Builder;true;addAction;(Action);;SyntheticField[android.app.Notification.action]
|
||||
// of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint"
|
||||
Notification.Builder out = null;
|
||||
Notification.Action in = (Notification.Action) source();
|
||||
out.addAction(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint"
|
||||
// "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];taint"
|
||||
Notification.Builder out = null;
|
||||
PendingIntent in = (PendingIntent) source();
|
||||
out.addAction(0, null, in);
|
||||
@@ -196,17 +195,17 @@ public class Test {
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;addExtras;;;MapKey of Argument[0];MapKey of
|
||||
// SyntheticField[android.app.Notification$Builder.extras] of Argument[-1];value"
|
||||
// SyntheticField[android.content.Intent.extras] of Argument[-1];value"
|
||||
Notification.Builder out = null;
|
||||
Bundle in = newWithMapKeyDefault(source());
|
||||
Bundle in = (Bundle) newWithMapKeyDefault(source());
|
||||
out.addExtras(in);
|
||||
sink(getMapKeyDefault(out.getExtras())); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;addExtras;;;MapValue of Argument[0];MapValue
|
||||
// of SyntheticField[android.app.Notification$Builder.extras] of Argument[-1];value"
|
||||
// of SyntheticField[android.content.Intent.extras] of Argument[-1];value"
|
||||
Notification.Builder out = null;
|
||||
Bundle in = newWithMapValueDefault(source());
|
||||
Bundle in = (Bundle) newWithMapValueDefault(source());
|
||||
out.addExtras(in);
|
||||
sink(getMapValueDefault(out.getExtras())); // $ hasValueFlow
|
||||
}
|
||||
@@ -225,7 +224,8 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint"
|
||||
// "android.app;Notification$Builder;true;build;;;SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];SyntheticField[android.app.Notification.action] of ReturnValue;taint"
|
||||
Notification out = null;
|
||||
Notification.Builder in = (Notification.Builder) source();
|
||||
out = in.build();
|
||||
@@ -239,15 +239,16 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;getExtras;;;SyntheticField[android.app.Notification$Builder.extras]
|
||||
// "android.app;Notification$Builder;true;getExtras;;;SyntheticField[android.content.Intent.extras]
|
||||
// of Argument[-1];ReturnValue;value"
|
||||
Bundle out = null;
|
||||
Notification.Builder in = newBuilderWithExtras((Bundle) source());
|
||||
Notification.Builder in = (Notification.Builder) source();
|
||||
out = in.getExtras();
|
||||
sink(out); // $ hasValueFlow
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint"
|
||||
// "android.app;Notification$Builder;true;recoverBuilder;;;SyntheticField[android.app.Notification.action]
|
||||
// of Argument[1];SyntheticField[android.app.Notification.action] of ReturnValue;taint"
|
||||
Notification.Builder out = null;
|
||||
Notification in = (Notification) source();
|
||||
out = Notification.Builder.recoverBuilder(null, in);
|
||||
@@ -261,8 +262,9 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;setActions;;;ArrayElement of
|
||||
// Argument[0];Argument[-1];taint"
|
||||
// "android.app;Notification$Builder;true;setActions;;;SyntheticField[android.app.Notification.action]
|
||||
// of ArrayElement of Argument[0];SyntheticField[android.app.Notification.action] of
|
||||
// Argument[-1];taint"
|
||||
Notification.Builder out = null;
|
||||
Notification.Action[] in = (Notification.Action[]) new Notification.Action[] {
|
||||
(Notification.Action) source()};
|
||||
@@ -347,7 +349,8 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint"
|
||||
// "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];taint"
|
||||
Notification.Builder out = null;
|
||||
PendingIntent in = (PendingIntent) source();
|
||||
out.setContentIntent(in);
|
||||
@@ -396,7 +399,8 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint"
|
||||
// "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];SyntheticField[android.app.Notification.action]
|
||||
// of Argument[-1];taint"
|
||||
Notification.Builder out = null;
|
||||
PendingIntent in = (PendingIntent) source();
|
||||
out.setDeleteIntent(in);
|
||||
@@ -410,7 +414,7 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// android.app;Notification$Builder;true;setExtras;;;Argument[0];SyntheticField[android.app.Notification$Builder.extras]
|
||||
// "android.app;Notification$Builder;true;setExtras;;;Argument[0];SyntheticField[android.content.Intent.extras]
|
||||
// of Argument[-1];value"
|
||||
Notification.Builder out = null;
|
||||
Bundle in = (Bundle) source();
|
||||
@@ -537,7 +541,8 @@ public class Test {
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "android.app;Notification$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint"
|
||||
// "android.app;Notification$Builder;true;setPublicVersion;;;SyntheticField[android.app.Notification.action]
|
||||
// of Argument[0];SyntheticField[android.app.Notification.action] of Argument[-1];taint"
|
||||
Notification.Builder out = null;
|
||||
Notification in = (Notification) source();
|
||||
out.setPublicVersion(in);
|
||||
|
||||
Reference in New Issue
Block a user